So I found a solution and it seems like there is unexpected behavior from
nginx. proxy_hide_header Set-Cookie does not seem to work when the location
block is set to /
So:
location / {
#Lots of other proxy stuff here......
proxy_hide_header "Set-Cookie"; }
does not allow a cookie to ever be set, but:
location ~home.html {
#Lots of other proxy stuff here......
proxy_hide_header "Set-Cookie"; }
will allow cache HITS but won't cache Set-Cookie headers. Clients are still
able to get the cookies from the back end and will never get another users
session cookies.
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,265629,265658#msg-265658